From owner-svn-src-projects@FreeBSD.ORG Sun May 30 23:05:02 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B2C81106564A; Sun, 30 May 2010 23:05:02 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (unknown [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 9F76E8FC13; Sun, 30 May 2010 23:05:02 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o4UN52wV082507; Sun, 30 May 2010 23:05:02 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o4UN5257082496; Sun, 30 May 2010 23:05:02 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201005302305.o4UN5257082496@svn.freebsd.org> 
From: Robert Watson Date: Sun, 30 May 2010 23:05:02 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r208664 - in projects/capabilities8: lib/csu/amd64 lib/csu/common lib/csu/i386-elf libexec/rtld-elf tools/cap/sandbox_world usr.bin/gzip X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 May 2010 23:05:02 -0000 Author: rwatson Date: Sun May 30 23:05:02 2010 New Revision: 208664 URL: http://svn.freebsd.org/changeset/base/208664 Log: Merge c176294 from the p4 TrustedBSD Capabilities branch to capabilities8: Remove cap_main() from Capsicum: programs now detect they are in capability mode using ld_insandbox() or lcs_get(). Submitted by: jona Modified: projects/capabilities8/lib/csu/amd64/crt1.c projects/capabilities8/lib/csu/common/crtbrand.c projects/capabilities8/lib/csu/i386-elf/Makefile projects/capabilities8/lib/csu/i386-elf/crt1_c.c projects/capabilities8/lib/csu/i386-elf/crt1_s.S projects/capabilities8/libexec/rtld-elf/rtld.c projects/capabilities8/tools/cap/sandbox_world/Makefile projects/capabilities8/tools/cap/sandbox_world/sandbox_world.c projects/capabilities8/usr.bin/gzip/gzip.c projects/capabilities8/usr.bin/gzip/gzsandbox.c Modified: projects/capabilities8/lib/csu/amd64/crt1.c ============================================================================== --- projects/capabilities8/lib/csu/amd64/crt1.c Sun May 30 23:00:36 2010 (r208663) +++ projects/capabilities8/lib/csu/amd64/crt1.c Sun May 30 23:05:02 2010 (r208664) 
@@ -45,7 +45,6 @@ extern void _fini(void); extern void _init(void); extern int main(int, char **, char **); extern void _start(char **, void (*)(void)); -extern void _capstart(char **, void (*)(void)); #ifdef GCRT extern void _mcleanup(void); @@ -94,41 +93,4 @@ __asm__("eprol:"); exit( main(argc, argv, env) ); } -/* The Capsicum entry function. */ -void -_capstart(char **ap, void (*cleanup)(void)) -{ - int argc; - char **argv; - char **env; - const char *s; - - argc = *(long *)(void *)ap; - argv = ap + 1; - env = ap + 2 + argc; - environ = env; - if (argc > 0 && argv[0] != NULL) { - __progname = argv[0]; - for (s = __progname; *s != '\0'; s++) - if (*s == '/') - __progname = s + 1; - } - - if (&_DYNAMIC != NULL) - atexit(cleanup); - else - _init_tls(); - -#ifdef GCRT - atexit(_mcleanup); -#endif - atexit(_fini); -#ifdef GCRT -/* monstartup(&eprol, &etext);*/ -/*__asm__("eprol:");*/ /* JA hope and pray... */ -#endif - _init(); - exit( cap_main(argc, argv, env) ); -} - __asm__(".ident\t\"$FreeBSD$\""); Modified: projects/capabilities8/lib/csu/common/crtbrand.c ============================================================================== --- projects/capabilities8/lib/csu/common/crtbrand.c Sun May 30 23:00:36 2010 (r208663) +++ projects/capabilities8/lib/csu/common/crtbrand.c Sun May 30 23:05:02 2010 (r208664) 
@@ -52,12 +52,3 @@ static const struct { __FreeBSD_version }; -extern int cap_main(int, char **, char **) __attribute__((weak)); -int cap_main(__unused int argc, __unused char **argv, __unused char **env) -{ - const char warning[] = - "ERROR: attempting to run a regular binary in capability mode!\n\nIf you want to run a binary in a sandbox, you must provide a cap_main() function, which takes the same arguments as main().\n"; - - write(2, warning, sizeof(warning)); - return (-1); -} Modified: projects/capabilities8/lib/csu/i386-elf/Makefile ============================================================================== --- projects/capabilities8/lib/csu/i386-elf/Makefile Sun May 30 23:00:36 2010 (r208663) +++ projects/capabilities8/lib/csu/i386-elf/Makefile Sun May 30 23:05:02 2010 (r208664) @@ -21,13 +21,13 @@ gcrt1.o: gcrt1_c.o crt1_s.o crt1.o: crt1_c.o crt1_s.o ${LD} ${LDFLAGS} -o crt1.o -r crt1_s.o crt1_c.o - objcopy --localize-symbol _start1 --localize-symbol _capstart1 crt1.o + objcopy --localize-symbol _start1 crt1.o Scrt1_c.o: crt1_c.c ${CC} ${CFLAGS} -DGCRT -fPIC -DPIC -c -o Scrt1_c.o ${.CURDIR}/crt1_c.c Scrt1.o: Scrt1_c.o crt1_s.o ${LD} ${LDFLAGS} -o Scrt1.o -r crt1_s.o Scrt1_c.o - objcopy --localize-symbol _start1 --localize-symbol _capstart1 Scrt1.o + objcopy --localize-symbol _start1 Scrt1.o .include Modified: projects/capabilities8/lib/csu/i386-elf/crt1_c.c ============================================================================== --- projects/capabilities8/lib/csu/i386-elf/crt1_c.c Sun May 30 23:00:36 2010 (r208663) +++ projects/capabilities8/lib/csu/i386-elf/crt1_c.c Sun May 30 23:05:02 2010 (r208664) @@ -46,7 +46,6 @@ extern void _fini(void); extern void _init(void); extern int main(int, char **, char **); extern void _start(char *, ...); -extern void _capstart(char *, ...); #ifdef GCRT extern void _mcleanup(void); 
@@ -59,7 +58,6 @@ char **environ; const char *__progname = ""; void _start1(fptr, int, char *[]) __dead2; -void _capstart1(fptr, int, char *[]) __dead2; /* The entry function, C part. */ void @@ -96,37 +94,3 @@ __asm__("eprol:"); __asm(".hidden _start1"); -/* The Capsicum entry function. */ -void -_capstart1(fptr cleanup, int argc, char *argv[]) -{ - char **env; - const char *s; - - env = argv + argc + 1; - environ = env; - if (argc > 0 && argv[0] != NULL) { - __progname = argv[0]; - for (s = __progname; *s != '\0'; s++) - if (*s == '/') - __progname = s + 1; - } - - if (&_DYNAMIC != NULL) - atexit(cleanup); - else - _init_tls(); - -#ifdef GCRT - atexit(_mcleanup); -#endif - atexit(_fini); -#ifdef GCRT -/* XXXCAP: monstartup(&eprol, &etext); */ -/* XXXCAP: __asm__("eprol:"); */ -#endif - _init(); - exit( cap_main(argc, argv, env) ); -} - -__asm(".hidden _capstart1"); Modified: projects/capabilities8/lib/csu/i386-elf/crt1_s.S ============================================================================== --- projects/capabilities8/lib/csu/i386-elf/crt1_s.S Sun May 30 23:00:36 2010 (r208663) +++ projects/capabilities8/lib/csu/i386-elf/crt1_s.S Sun May 30 23:05:02 2010 (r208664) @@ -41,17 +41,4 @@ _start: xorl %ebp,%ebp call _start1 .size _start, . - _start - .globl _capstart - .type _capstart, @function -_capstart: xorl %ebp,%ebp - pushl %ebp - movl %esp,%ebp - andl $0xfffffff0,%esp # align stack - leal 8(%ebp),%eax - pushl %eax # argv - pushl 4(%ebp) # argc - pushl %edx # rtld cleanup - call _capstart1 - .size _capstart, . - _capstart - .ident "$FreeBSD$" Modified: projects/capabilities8/libexec/rtld-elf/rtld.c ============================================================================== --- projects/capabilities8/libexec/rtld-elf/rtld.c Sun May 30 23:00:36 2010 (r208663) +++ projects/capabilities8/libexec/rtld-elf/rtld.c Sun May 30 23:05:02 2010 (r208664) 
@@ -106,9 +106,7 @@ static int do_search_info(const Obj_Entr static bool donelist_check(DoneList *, const Obj_Entry *); static void errmsg_restore(char *); static char *errmsg_save(void); -#ifdef IN_RTLD_CAP -static void *find_capstart(const Obj_Entry *); -#else +#ifndef IN_RTLD_CAP static void *fill_search_info(const char *, size_t, void *); static char *find_library(const char *, const Obj_Entry *); static const char *gethints(void); @@ -352,7 +350,6 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_ #ifdef IN_RTLD_CAP struct stat sb; Elf_Auxinfo aux_execfd; - void *capstart_ptr; #endif Elf_Auxinfo *aux_info[AT_COUNT]; int i; @@ -652,21 +649,7 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_ *exit_proc = rtld_exit; *objp = obj_main; -#ifdef IN_RTLD_CAP - /* - * If the object provides an alternative capability-mode specific entry - * point, prefer that to the ELF default entry point. Otherwise, use the - * ELF default. - */ - capstart_ptr = find_capstart(obj_main); - if (capstart_ptr == NULL) { - _rtld_error("_capstart not found; has the binary been compiled with -rdynamic?"); - die(); - } - return (func_ptr_type) capstart_ptr; -#else return (func_ptr_type) obj_main->entry; -#endif } Elf_Addr 
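Review bot: The IN_RTLD_CAP path of _rtld() now returns obj_main->entry with no comment saying that a capability-mode binary is expected to test ld_insandbox() itself; the block this hunk removes was the only place in rtld.c that stated how the sandbox entry point was chosen, and the commit log is the only remaining record of the new contract. Suggest a comment above the return, along the lines of `/* In capability mode the ordinary ELF entry runs; the program selects its sandbox path by calling ld_insandbox() (or lcs_get()). */`. Note also that, if I read the removed `_rtld_error()`/`die()` branch correctly, rtld previously refused to start a sandboxed binary that lacked `_capstart`, whereas now a program that never checks ld_insandbox() simply runs its regular main() under capability restrictions, so that failure is no longer reported at load time. _rtld() begins and ends outside this hunk.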
@@ -833,25 +816,6 @@ origin_subst(const char *real, const cha return (res4); } -#ifdef IN_RTLD_CAP -static void * -find_capstart(const Obj_Entry *obj) -{ - const char *capstart_str = "_capstart"; - const Elf_Sym *def; - const Obj_Entry *defobj; - unsigned long hash; - - hash = elf_hash(capstart_str); - def = symlook_default(capstart_str, hash, obj, &defobj, NULL, - SYMLOOK_IN_PLT); - if (def == NULL) - return (NULL); - if (ELF_ST_TYPE(def->st_info) != STT_FUNC) - return (NULL); - return (make_function_pointer(def, defobj)); -} -#endif static void die(void) Modified: projects/capabilities8/tools/cap/sandbox_world/Makefile ============================================================================== --- projects/capabilities8/tools/cap/sandbox_world/Makefile Sun May 30 23:00:36 2010 (r208663) +++ projects/capabilities8/tools/cap/sandbox_world/Makefile Sun May 30 23:05:02 2010 (r208664) @@ -1,6 +1,6 @@ PROG=sandbox_world NO_MAN= -CFLAGS=-Wall -g -rdynamic +CFLAGS=-Wall -g DPADD= ${LIBCAPABILITY} ${LIBSBUF} LDADD= -lcapsicum -lsbuf Modified: projects/capabilities8/tools/cap/sandbox_world/sandbox_world.c ============================================================================== --- projects/capabilities8/tools/cap/sandbox_world/sandbox_world.c Sun May 30 23:00:36 2010 (r208663) +++ projects/capabilities8/tools/cap/sandbox_world/sandbox_world.c Sun May 30 23:05:02 2010 (r208664) @@ -53,6 +53,9 @@ __FBSDID("$FreeBSD$"); #define MYNAME "sandbox_world" /* Binary to run in sandbox. */ +int ld_insandbox(void); +int sandbox(void); + /* * Unsandboxed host process with full user rights. */ @@ -65,6 +68,8 @@ main(int argc, char *argv[]) size_t len; char ch; + if (ld_insandbox()) return sandbox(); + if (argc != 1) errx(-1, "usage: sandbox_world"); @@ -99,7 +104,7 @@ main(int argc, char *argv[]) * Sandboxed process implementing a 'printf hello world' RPC. */ int -cap_main(int argc, char *argv[]) +sandbox() { struct lc_host *lchp; u_int32_t opno, seqno; 
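Review bot: In sandbox_world.c the renamed function is defined as `sandbox()` with empty parentheses, which C treats as an old-style unprototyped definition, while the @@ -53 hunk of the same file declares it as `int sandbox(void);`; the two should agree, and -Wstrict-prototypes (and style(9)) would flag the definition. Change the definition line to `sandbox(void)`. The body of sandbox() continues past the hunk.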
@@ -142,4 +147,6 @@ cap_main(int argc, char *argv[]) } free(buffer); } + + return 0; } Modified: projects/capabilities8/usr.bin/gzip/gzip.c ============================================================================== --- projects/capabilities8/usr.bin/gzip/gzip.c Sun May 30 23:00:36 2010 (r208663) +++ projects/capabilities8/usr.bin/gzip/gzip.c Sun May 30 23:05:02 2010 (r208664) @@ -259,6 +259,11 @@ static off_t unpack(int, int, char *, si int main(int, char **p); +#ifndef NO_SANDBOX_SUPPORT +int ld_insandbox(void); +int gzsandbox(void); +#endif + #ifdef SMALL #define getopt_long(a,b,c,d,e) getopt(a,b,c) #else @@ -297,6 +302,10 @@ main(int argc, char **argv) #endif int ch; +#ifndef NO_SANDBOX_SUPPORT + if (ld_insandbox()) return gzsandbox(); +#endif + /* XXX set up signals */ #ifndef SMALL Modified: projects/capabilities8/usr.bin/gzip/gzsandbox.c ============================================================================== --- projects/capabilities8/usr.bin/gzip/gzsandbox.c Sun May 30 23:00:36 2010 (r208663) +++ projects/capabilities8/usr.bin/gzip/gzsandbox.c Sun May 30 23:05:02 2010 (r208664) @@ -53,6 +53,8 @@ __FBSDID("$FreeBSD$"); #ifndef NO_SANDBOX_SUPPORT +int gzsandbox(void); + static char *lc_sandbox_argv[] = { __DECONST(char *, LC_USR_BIN_GZIP_SANDBOX), NULL }; @@ -325,8 +327,7 @@ unbzip2_wrapper(int in, int out, char *p /* * Main entry point for capability-mode */ -int -cap_main(__unused int argc, __unused char *argv[]) +int gzsandbox(void) { int fdarray[2], fdcount; struct lc_host *lchp;
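Review bot: gzip.c hand-declares `int ld_insandbox(void);` and `int gzsandbox(void);`, and `gzsandbox()` is declared a second time in the @@ -53 hunk of gzsandbox.c (sandbox_world.c does the same for its own `sandbox()` in @@ -53); duplicated prototypes drift silently when a signature changes, so one shared project header for gzsandbox(), and the header that exports ld_insandbox() if the runtime linker provides one, would be the safer place. The early `if (ld_insandbox()) return gzsandbox();` in main() at @@ -297 runs before the `/* XXX set up signals */` block, so gzsandbox() must do whatever setup it needs on its own — presumably it does, since it was the previous cap_main entry, but a one-line comment such as `/* Capability mode: hand off to the sandbox before normal initialisation. */` would make that intentional. main() begins and ends outside these hunks.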
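Review bot: In gzsandbox.c the new signature `int gzsandbox(void)` puts the return type on the same line as the function name, whereas the `cap_main` definition it replaces (and the rest of this tree, per style(9)) puts the return type on its own line; write it as `int` followed by `gzsandbox(void)` on the next line. The "Main entry point for capability-mode" comment above it still describes the function correctly. The function body continues beyond the hunk.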